Twitter Confirms Admin Tool Hacked and Used in Massive Cryptocurrency Scam

Several high-profile Twitter accounts have been ‘hacked’ and used in a major cryptocurrency scam. The first Tweets were sent from the accounts around 3pm on July 15, 2020 and asked account followers to transfer Bitcoin to a specific address. In return, the account holder promised to double the amount sent.

The Twitter accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Michael Bloomberg, Joe Biden, Barack Obama, Apple, CashApp, Bitcoin, Uber, and Coinbase were among those used in the scam. The Tweets sent from those accounts differ slightly, but all have a similar theme.

The following Tweet was sent from the accounts of both Elon Musk and Bill Gates:

Everyone is asking me to give back, and now is the time.

I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000.

BTC Address – bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh

Only going on for 30 minutes! Enjoy!

The accounts of Bitcoin, Ripple, Coinbase, Coindesk, and Binance were all used to send the following message:

“We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” with a link to its website. The website explained that the move was in response to the damage COVID-19 had caused to the economy and requested payment of between 0.1 BTC and 20 BTC, which would be doubled and returned to the sender. RiskIQ published a list of 391 domains linked to the attack, which shows the scale of the campaign.

Scams such as this are nothing new, but what makes this campaign stand out is the scale of the attack and the number of accounts that were hijacked, many of which had 2-factor authentication in place, showing the attackers managed to bypass this security control.

The campaign is currently being investigated, but it appears that rather than individual accounts being hacked, the attackers leveraged the Twitter platform itself. Some reports suggest that a Twitter employee was involved in the scam and worked with the hackers to give them access to internal admin tools. On Wednesday, Twitter confirmed that an internal admin tool had been used in the attack, which it said was accessed following a coordinated social engineering attack on its employees. That suggests the attack was not due to a malicious insider and was most likely the result of employees responding to spear phishing emails.

Many people have fallen for the scam. The above Bitcoin address has received 12.86 BTC ($117,965) across 373 transactions, although multiple wallets appear to have been used so it is unclear exactly how much has been sent in response to the Tweets.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news